Revert "fix: add challenge for HTTP Basic Authentication to container registry" (#12058)

This reverts commit 79ed45d39a. Testing has shown that it breaks Docker 26 which is the version included in Debian Trixie. It was originally introduced with https://codeberg.org/forgejo/forgejo/pulls/11678. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12058 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
2026-05-13 06:20:24 +00:00 · 2026-04-09 12:21:44 +02:00 · 2026-04-09 12:21:44 +02:00 · 703256e50e
commit 703256e50e
parent b2617cf0bb
3 changed files with 3 additions and 10 deletions
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@ -118,8 +118,7 @@ func apiErrorDefined(ctx *context.Context, err *container_service.NamedError) {
 func APIUnauthorizedError(ctx *context.Context) {
 	// Do not include more than one challenge in the same header field. That breaks clients even though the HTTP RFC
 	// allows it.
-	ctx.Resp.Header().Add("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`)
-	ctx.Resp.Header().Add("WWW-Authenticate", `Basic realm="Forgejo Container Registry"`)
+	ctx.Resp.Header().Set("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`)
 	apiErrorDefined(ctx, container_service.ErrUnauthorized)
 }

--- a/tests/integration/api_packages_container_cleanup_sha256_test.go
+++ b/tests/integration/api_packages_container_cleanup_sha256_test.go
@ -63,10 +63,7 @@ func TestPackageContainerCleanupSHA256(t *testing.T) {
 			Token string `json:"token"`
 		}

-		authenticate := []string{
-			`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`,
-			`Basic realm="Forgejo Container Registry"`,
-		}
+		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}

 		t.Run("User", func(t *testing.T) {
 			req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@ -91,10 +91,7 @@ func TestPackageContainer(t *testing.T) {
 			Token string `json:"token"`
 		}

-		authenticate := []string{
-			`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`,
-			`Basic realm="Forgejo Container Registry"`,
-		}
+		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}

 		t.Run("Anonymous", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()